APAR status
Closed as documentation error.
Error description
Perform a REST API connection PUT request on /api/v1/session request from a Cognos Analytics 11.2.x on Cloud instance by authenticating to IBMId OIDC throws error "AAA-OIDC-0009 The provided credentials are invalid."
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * 1 * **************************************************************** * PROBLEM DESCRIPTION: * * In 11.2.3 and earlier logon via the session endpoint * * requires the use of non interactive credentials. If the * * authentication provider does not support those then logon is * * not possible. IBMId no longer supports Resource Owner * * Password Credentials (ROPC) grants, so it is not possible to * * logon to that namespace type via the REST API. This is the * * same behavior as OKTA or AzureAD with ROPC disabled. * * * * In 11.2.4 we added API Key authentication so the rest API is * * no longer affected by the IBMId limitation. However the api * * key uses the "scheduling credential" (Trusted Credentials) * * I.e the same credentials that are used to run schedules, so * * it is still dependent on namespace configuration, but should * * support more use cases. * * https://developer.ibm.com/apis/catalog/cognosanalytics--cogn * * os-analytics-rest-api/Getting%20Started * * * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
IBMId no longer supports Resource Owner Password Credentials (ROPC) grants, so it is not possible to logon to that namespace type via the REST API. In 11.2.4 we added API Key authentication so the rest API is no longer affected by the IBMId limitation.
Temporary fix
Comments
APAR Information
APAR number
PH48874
Reported component name
COG ADMINISTRAT
Reported component ID
5724W12AD
Reported release
B09
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-08-23
Closed date
2023-02-26
Last modified date
2023-02-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"Cognos Analytics"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B09","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
27 February 2023